9443097

Systems and Methods for Securing Data in Motion

Published: September 13, 2016
Assignee: not available in USPTO data we have
Patent Claims
22 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for securing data, the method comprising: receiving, using a programmed hardware processor, a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first split key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, and (2) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first split key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, and (b) generating a second set of data shares from the reconstructed encrypted data set using a second split key without decrypting the reconstructed encrypted data set, wherein the second split key is different from the first split key; retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting an authentication key with the key encryption key; and storing the encrypted authentication key within headers of the second set of data shares.

2. The method of claim 1, further comprising detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set in response to a determination that one or more of the first set of data shares have been compromised.

3. The method of claim 1, further comprising storing at least one data share of the second set of data shares on a storage network.

4. The method of claim 3, wherein the storing comprises storing the at least one data share on a storage network that includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.

5. The method of claim 1, wherein the reconstructing comprises: authenticating the first set of data shares with a first authentication key to obtain an authenticated first set of data shares; and reconstructing the encrypted data set from the authenticated first set of data shares using the first split key.

6. The method of claim 5, further comprising authenticating the second set of data shares with a second authentication key.

7. The method of claim 6, further comprising: encrypting the second authentication key with the key encryption key; and storing the encrypted second authentication key within headers of the second set of data shares.

8. The method of claim 1, further comprising: encrypting the second split key with the key encryption key; and storing the encrypted second split key within headers of the second set of data shares.
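The re-sharing step recited in claims 1, 5 and 6, as an added example that is not taken from the patent or from any product implementing it: surviving shares are authenticated, the ciphertext is reassembled with the first split key, and new shares are produced under a second split key and second authentication key, with no decryption key involved. Assumptions: a 2-of-3 layout, an HMAC-ordered keyed permutation standing in for the information dispersal algorithm, HMAC-SHA256 for share authentication, and constructed keys and ciphertext; the header key wrapping of claims 7 and 8 is not modelled.

```python
import hashlib
import hmac

N = 3  # shares; share i carries chunks i and i+1 (mod 3), so any 2 of 3 suffice

def _perm(split_key, n):
    # Keyed permutation of byte positions (assumed stand-in for the patent's IDA).
    return sorted(range(n), key=lambda i: hmac.new(
        split_key, i.to_bytes(8, "big"), hashlib.sha256).digest())

def _tag(auth_key, idx, n, body):
    msg = bytes([idx]) + n.to_bytes(8, "big") + body
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def disperse(ciphertext, split_key, auth_key):
    n, perm = len(ciphertext), _perm(split_key, len(ciphertext))
    chunks = [bytes(ciphertext[p] for p in perm[c::N]) for c in range(N)]
    shares = {}
    for i in range(N):
        body = chunks[i] + chunks[(i + 1) % N]
        shares[i] = {"len": n, "body": body, "tag": _tag(auth_key, i, n, body)}
    return shares

def reconstruct(shares, split_key, auth_key):
    n = next(iter(shares.values()))["len"]
    perm, out = _perm(split_key, n), [None] * n
    for i, s in shares.items():
        # Authenticate each share before its bytes are used (claim 5).
        if s["len"] != n or not hmac.compare_digest(
                s["tag"], _tag(auth_key, i, n, s["body"])):
            raise ValueError(f"share {i} failed authentication")
        cut = len(perm[i::N])
        for c, part in ((i, s["body"][:cut]), ((i + 1) % N, s["body"][cut:])):
            for pos, byte in zip(perm[c::N], part):
                out[pos] = byte
    if None in out:
        raise ValueError("fewer than the minimum number of shares")
    return bytes(out)

def reshare(surviving, old_split, old_auth, new_split, new_auth):
    # Only ciphertext is handled here; no data-decryption key is ever an input.
    ciphertext = reconstruct(surviving, old_split, old_auth)
    return disperse(ciphertext, new_split, new_auth)

# Constructed sample: 41 opaque bytes standing in for an encrypted data set.
CIPHERTEXT = bytes(range(200, 241))
OLD = disperse(CIPHERTEXT, b"split-key-1", b"auth-key-1")
SURVIVING = {i: OLD[i] for i in (0, 2)}  # share 1 is unavailable
NEW = reshare(SURVIVING, b"split-key-1", b"auth-key-1", b"split-key-2", b"auth-key-2")
```

A share from the first set presented alongside the second set fails authentication under the second key, which is what makes a leaked old share unusable after the rekey.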

9. A method for securing data, the method comprising: receiving, using a programmed hardware processor, a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first encryption key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, (2) the first set of data shares is associated with a first authentication key, and (3) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first authentication key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, (b) generating a second set of data shares from the reconstructed encrypted data set without decrypting the reconstructed encrypted data set, and (c) rekeying the second set of data shares by associating the second set of data shares with a second authentication key, wherein the second authentication key is different from the first authentication key; retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting the second authentication key with the key encryption key; and storing the encrypted second authentication key within headers of the second set of data shares.

10. The method of claim 9, further comprising storing at least one data share of the second set of data shares on a storage network.

11. The method of claim 10, wherein the storing comprises storing the at least one data share on a storage network that includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.

12. A system for securing data, the system comprising: a programmed hardware processor; and a non-transitory computer readable medium storing computer executable instructions that, when executed by the processing circuitry, cause the computer system to carry out a method for securing data, the method comprising: receiving a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first split key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, and (2) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first split key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, and (b) generating a second set of data shares from the reconstructed encrypted data set using a second split key without decrypting the reconstructed encrypted data set, wherein the second split key is different from the first split key; retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting an authentication key with the key encryption key; and storing the encrypted authentication key within headers of the second set of data shares.

13. The system of claim 12, further comprising detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set in response to a determination that one or more of the first set of data shares have been compromised.

14. The system of claim 12, wherein the method further comprises storing at least one data share of the second set of data shares on a storage network.

15. The system of claim 14, wherein the storing comprises storing the at least one data share on a storage network that includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.

16. The system of claim 12, wherein the reconstructing comprises: authenticating the first set of data shares with a first authentication key to obtain an authenticated first set of data shares; and reconstructing the encrypted data set from the authenticated first set of data shares using the first split key.

17. The system of claim 16, wherein the method further comprises authenticating the second set of data shares with a second authentication key.

18. The system of claim 17, further comprising: encrypting the second authentication key with the key encryption key; and storing the encrypted second authentication key within headers of the second set of data shares.

19. The system of claim 12, wherein the method further comprises: encrypting the second split key with the key encryption key; and storing the encrypted second split key within headers of the second set of data shares.

20. A system for securing data, the system comprising: a programmed hardware processor; and a non-transitory computer readable medium storing computer executable instructions that, when executed by the processing circuitry, cause the computer system to carry out a method for securing data, the method comprising: receiving a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first encryption key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, (2) the first set of data shares is associated with a first authentication key, and (3) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first authentication key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, (b) generating a second set of data shares from the reconstructed encrypted data set without decrypting the reconstructed encrypted data set, and (c) rekeying the second set of data shares by associating the second set of data shares with a second authentication key, wherein the second authentication key is different from the first authentication key; retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting the second authentication key with the key encryption key; and storing the encrypted second authentication key within headers of the second set of data shares.

21. The system of claim 20, wherein the method further comprises storing at least one data share of the second set of data shares on a storage network.

22. The system of claim 21, wherein the storing comprises storing the at least one data share on a storage network that includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.

Patent Metadata

Filing Date: Unknown
Publication Date: September 13, 2016
Inventors: Mark S. O'Hare, Rick L. Orsini

Cite as: Patentable. “SYSTEMS AND METHODS FOR SECURING DATA IN MOTION” (9443097). https://patentable.app/patents/9443097